How to build a persistence Service for Android?

(The C# Dude) #1

Hey guys,
currently I’m working on a RAT for Android devices. The general idea is to write a simple app, which runs a malicious service on boot. This service then waits for commands to execute from a Server application on a computer.

I got that running, but my problem is that I wish to make the service persistent. At the moment the service gets (Of course) uninstalled, when the victim uninstalls the application, but I want it to work further on, even if the host app gets removed ;).

Maybe some of you know Dendroid. It is a RAT for Android, which also runs a service on startup, but this service persists, even if the host app gets uninstalled. So here’s my question: Does some of you know how to make a service persistent? I thought of injecting a service into another app or installing a new app - Maybe called “SystemService” or something similiar -, which shouldn’t get removed by the victim.

I am writing the whole RAT in C# with Xamarin, but ideas how to write it in Java would be appreciated too :slight_smile:. When I’m done with the RAT, I think I’ll post the code with explanations here, so your help won’t be useless :wink:

Thanks in advance!



Perhaps something like that would work. Not too sure if injecting a service into another app would work. Although, good luck on it.


(Leader & Offsec Engineer & Forum Daddy) #3

You’ll need root privledges undoubtedly. I think the Android system works fairly similarly to the Linux system, I don’t know the init method, although I’m sure there is one. You’ll want to install it to the relevant directory for the init method, and then run the code from bootup. You’ll need root privledges for that, however I think it could work.

I’d be exited to this work, it could be a useful POC, and it really makes you think what Android malware could be capable of.

1 Like

(The C# Dude) #4

Mmh, yes… I thought, it won’t be such an easy task ;). I’ll work on the other parts of my RAT first and think about this problem later. That doesn’t mean your ideas aren’t appreciated! Please feel free to share your thoughts further on here, that we can discuss them together. Maybe we find a way :slight_smile:.

I’ll have a look at the injecting idea, but as @pry0cc said, we’ll probably need root for that… Maybe we only need special privileges, which we can request, when it installs. I rarely know people, who are interested in the privileges, their apps need (One of my friends, who uses Android since 2 years now, didn’t even know what he accepts when he agrees :expressionless:), so that wouldn’t be a problem, for a majority of Android users.


(Not a N00b, but still learning) #5

If there’s not a major bug in the Android OS, you’ll definitely need root. As soon as you have root permissions, you can install your app as a system app (by copying it to /system/app).
Once you are a system app, set your service as persistent
In order to make it harder to remove your app, you could maybe try to add another user group with root permissions just for your app (if that works), and then unroot the phone.
Also, integrating various rooting exploits would ensure success.

Whatever you implement, I’m eager to see the results :slight_smile:


(The C# Dude) #6

Thanks, great share! It’s my first Android app, so getting root within it could be a bit difficult for me, but we’ll see what I can do :wink:.

1 Like

(Not a N00b, but still learning) #7

It shouldn’t be hard, because it’s nothing different than executing commands/scripts as su. A neat method to check for root in Xamarin:

1 Like


I remember playing around with metasploit and the android meterpreter I ran into the same issue. The device needed to be rooted to do a persistence.
I have to get into that again, hacking android devices is really fun. But I have to work on my programming skills first :frowning2:

Let me know when your persistence is working, this topic is really interesting :slight_smile:



Yeah it seems they’re right mate! Somehow get the Android device rooted and grant super user privileges.


(system) closed #10

This topic was automatically closed after 30 days. New replies are no longer allowed.